Digital Forensic Case Study

• Justify why use of the digital forensic methodology and approach is warranted, including procedures for corporate investigation. (Apply with the case study)
• Describe the resources required to conduct a digital forensic investigation, including team member skill sets and required tools. (Apply with the case study)
• Outline an approach for data/evidence identification and acquisition that would occur in order to prepare the auditors for review of the digital evidence. (Apply with the case study)
• Outline an approach and steps to be taken during the analysis phase, making the assumption the computer system is a Microsoft Windows-based computer. (Apply with the case study)
• Create a table of contents for the investigative plan describing what the primary focus of the report would be. (Apply with the case study)
For more information: myassignmenthelp.com/answers/digital-forensic/digital-forensic-case-study-objectives-this-assessment-item-relates-to-the-course-leaing-outcome-1-to-9-as-stated-on-page-1-of-the-cou.html

• A global finance company has 10000 employees.
• It has introduced network communication and computerization in all its branches.
• A security concern was raised by one of the managers.
• A digital forensic audit was performed to look into the security issues.
• The investigation was conducted on the MS Word, Outlook, and other deleted files in the manager’s computer.

◦ The data from the target computer should not be modified but kept for reference.
◦ The audit team must have high skill and expertise.
◦ The relevant documentation and trial conducted by the audit team must be preserved.
◦ The Information Security Officer is solely responsible for the security.

◦ Recognize the security systems that have lapsed.
◦ Recognize all the digital evidence.
◦ Recognize all the malicious activities with the 5 Ws.
◦ Recognize the legal procedure.
◦ Analyze and find the impact on the branch.
◦ Submit the final report to the head.

◦ Collection
◦ Examination
◦ Analysis
◦ Report
• It is basically the acquisition of data.
• Recording and labeling the data of the computers in the Queensland branches.
• Two ways of collecting data:
◦ Volatile
◦ Non-volatile
• Data is also collected from other sources, both offline and online.

• The manager's computer, which is the targeted computer, can be accessed via a LAN connection.
• A trusted tool collection is used, run and recorded through cmd.exe.
• The commands needed are:
cryptcat <ip address> 6543 -k key
cryptcat -l -p 6543 -k key >> <filename>
• Windows-based tools that are to be used on the Windows-based systems are:
◦ HBGary’s FastDump to obtain the local physical memory
◦ HBGary’s F-Response to obtain remote physical memory
◦ ipconfig is used for the collection of subject system details
◦ net user and quser can identify logged-in user information
◦ doskey /history for collecting command history
◦ net file is used to identify the services and drivers
• Data is acquired from RAM, registry and cache memory, network, etc.

• This kind of data is present in the permanent storage of the computing device.
• Copying this type of data for the local office is known as forensic imaging.
• Data is collected from storage devices like hard disk, CD, DVD, etc.
• The data should be preserved without any modification or alteration.
• Forensic imaging can be done using tools like EnCase, ProDiscover and FTK.
• The team performing the audit treats the data as ROM, or read-only memory.
• The audit team uses a write blocker.

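The requirement above that imaged data stay unmodified is normally checked by hashing. The following is an added example, not part of the original slides: it records a whole-image SHA-256 plus per-block hashes at acquisition and later reports which byte ranges of the working copy changed. The manifest field names, the examiner label and the file name are assumptions of this example, and the "image" is a constructed 16 KiB file.

```python
import hashlib
import os
import tempfile


def build_manifest(image_path, examiner, block_size=1024 * 1024):
    """Hash an acquired image as a whole and per block (piecewise hashing).

    `examiner` and the manifest field names are assumptions of this example.
    """
    whole = hashlib.sha256()
    blocks = []
    size = 0
    with open(image_path, "rb") as fh:
        while True:
            chunk = fh.read(block_size)
            if not chunk:
                break
            whole.update(chunk)
            blocks.append(hashlib.sha256(chunk).hexdigest())
            size += len(chunk)
    return {
        "image": os.path.basename(image_path),
        "examiner": examiner,
        "size": size,
        "block_size": block_size,
        "sha256": whole.hexdigest(),
        "blocks": blocks,
    }


def verify_image(image_path, manifest):
    """Re-hash the image and report whether, and where, it differs."""
    bs = manifest["block_size"]
    now = build_manifest(image_path, manifest["examiner"], bs)
    changed = [
        i
        for i, (old, new) in enumerate(zip(manifest["blocks"], now["blocks"]))
        if old != new
    ]
    return {
        "intact": now["sha256"] == manifest["sha256"],
        "size_changed": now["size"] != manifest["size"],
        "changed_blocks": changed,
        # First and last byte offset of every block whose hash no longer matches.
        "changed_ranges": [
            (i * bs, min((i + 1) * bs, now["size"]) - 1) for i in changed
        ],
    }


def demo():
    """Constructed stand-in for an image file: 16 KiB of patterned bytes."""
    path = os.path.join(tempfile.mkdtemp(), "manager_pc.dd")  # hypothetical name
    with open(path, "wb") as fh:
        fh.write(bytes(range(256)) * 64)
    manifest = build_manifest(path, "auditor-1", block_size=4096)
    before = verify_image(path, manifest)
    with open(path, "r+b") as fh:  # simulate an accidental write to the copy
        fh.seek(9000)
        fh.write(b"\xff")
    after = verify_image(path, manifest)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print(before["intact"], after["intact"], after["changed_ranges"])
```

The per-block hashes matter when verification fails: they narrow the damage to a byte range instead of invalidating the whole image without explanation.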
• File system assessment: NTFS contains the MFT, which has information about the files and disk in the OS. To get the file, C:\> more < file1.txt:file2.txt is used.
• Windows registry assessment: The Windows registry structure is
HKEY_CLASSES_ROOT
HKEY_USERS
HKEY_CURRENT_USER
HKEY_CURRENT_CONFIG
HKEY_LOCAL_MACHINE
The information present here includes user activity, MRU, and auto start.
• Database forensic assessment: Here, DDL and DML transactions in the database are assessed.
• Network forensic assessment: The browsing data, mails, and IP addresses are assessed.

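For the registry assessment above (auto start and MRU), the following added example, not part of the original slides, parses the text layout written by `reg export`, lists the values under the Run and RunOnce keys, and reads the RunMRU command history. The sample export is constructed, and flagging autostart targets in user-writable paths is a triage heuristic assumed for this example.

```python
import re

# Constructed sample in the text layout written by `reg export` (not case data).
# A real export is UTF-16 on disk: open(path, encoding="utf-16").read()
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Updater"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,75,00,2e,00,65,00,\
  78,00,65,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"svch0st"="C:\\Users\\manager\\AppData\\Roaming\\svch0st.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="cmd\\1"
"MRUList"="a"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
AUTOSTART_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
# Heuristic assumed for this example: autostart targets in user-writable paths.
USER_WRITABLE = ("%temp%", "%appdata%", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def _unescape(text):
    """Undo the backslash escaping used inside quoted .reg strings."""
    return re.sub(r"\\(.)", r"\1", text)


def _decode(raw):
    """Turn the right-hand side of a value line into (type, value)."""
    if raw.startswith('"'):
        return "REG_SZ", _unescape(raw[1:raw.rindex('"')])
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", raw)
    if not m:
        return "UNKNOWN", raw
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3  # bare hex: is REG_BINARY
    if kind in (1, 2):  # strings are stored as NUL-terminated UTF-16LE
        text = data.decode("utf-16-le", errors="replace").rstrip("\x00")
        return ("REG_EXPAND_SZ" if kind == 2 else "REG_SZ"), text
    return "REG_TYPE_%d" % kind, data


def parse_reg(text):
    """Return {key path: {value name: (type, value)}} from export text."""
    hives, current, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):  # hex data continues on the next line
            pending = line[:-1]
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            key = header.group(1)
            current = None if key.startswith("-") else hives.setdefault(key, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name = value.group(1)
            name = "(Default)" if name == "@" else _unescape(name[1:-1])
            current[name] = _decode(value.group(2))
    return hives


def autostart_findings(hives):
    """List every Run/RunOnce value and mark the ones the heuristic flags."""
    findings = []
    for key, values in hives.items():
        if not key.lower().endswith(AUTOSTART_SUFFIXES):
            continue
        for name, (_type, command) in values.items():
            if isinstance(command, str):
                hit = any(marker in command.lower() for marker in USER_WRITABLE)
                findings.append({"key": key, "name": name,
                                 "command": command, "suspicious": hit})
    return findings


def run_mru(hives):
    """Commands typed into the Run dialog, most recent first (per MRUList)."""
    commands = []
    for key, values in hives.items():
        if key.lower().endswith("\\explorer\\runmru") and "MRUList" in values:
            for letter in values["MRUList"][1]:
                if letter in values:
                    cmd = values[letter][1]
                    commands.append(cmd[:-2] if cmd.endswith("\\1") else cmd)
    return commands


if __name__ == "__main__":
    hives = parse_reg(SAMPLE_REG)
    for finding in autostart_findings(hives):
        print(finding)
    print(run_mru(hives))
```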
• Gather the hidden or odd files
• Look for unusual accounts
• Look for strangely opened sockets
• Abnormal application requirements
• Malicious activities
• Total memory investigation
• Total file systems investigation
• Malware analysis
• Total timeline analysis
• Total event correlation investigation

◦ The computer is identified by the attacker via remote access
◦ OS patches
◦ The source of compromise
◦ The suspected malware

• The audit team finally prepares the report after the thorough investigation.
◦ Point of the report: It is submitted so that the details of the investigation can be known to the authorized personnel.
◦ Author of the report: Information Security Officer.
◦ Incident summary: The source of the compromise was explored from the computer of the manager and is caused by reasons x1, x2 and x3.

◦ Evidence: All the important digital evidence and log files tracked in the analysis.
◦ Analysis: Investigation of the unlawful sources, completed from the sources x, y and z.
◦ Conclusion: The computer of the manager and other computing devices in the local office are systematically investigated, and lastly the sources that show any sign of compromise are found.
◦ Supporting documents: These documents involve non-volatile and volatile information.

• All the devices in the local office as well as the manager’s computer were investigated properly.
• Examination was done to see unauthorized and authorized sources.
• The source of the compromise was explored and found.
• The report is submitted to the Information Security Officer.
For more information :
myassignmenthelp.com/answers/digital-forensic/digital-forensic-case-study-objectives-this-assessment
-item-relates-to-the-course-leaing-outcome-1-to-9-as-stated-on-page-1-of-the-cou.html
 Kenneth J. Zahn (2013), “Case Study: 2012 DC3 Digital Forensic Challenge Basic Malware
Analysis Exercise”, GIAC (FREM) Gold Certification
 John Ashcroft (2001), “Electronic Crime Scene Investigation, A guide for First
Responders”, NIJ Guide
 M Reith, C Carr, G Gunsch (2002). "An examination of digital forensic models".
International Journal of Digital Evidence
 Richard Brian Adams (2012), “The Advanced Data Acquisition Model (ADAM): A Process
Model for Digital Forensic Practice”
 Agarwal, A., Gupta, M., Gupta, S., & Gupta, S. C. (2011). “Systematic Digital Forensic
Investigation Model”, International Journal of Computer Science and Security, 5(1), 118-
130.
 Armstrong, C. (2003), “Mastering Computer Forensics. In C. Irvine & H. Armstrong”,
Security Education and Critical Infrastructures Kluwer Academic Publishers.
For more information :
myassignmenthelp.com/answers/digital-forensic/digital-forensic-case-study-objectives-this-assessment
-item-relates-to-the-course-leaing-outcome-1-to-9-as-stated-on-page-1-of-the-cou.html

More Related Content

What's hot

Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidenceOnline
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensicsMarco Alamanni
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsSCREAM138
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
computer forensics
computer forensicscomputer forensics
computer forensicsshivi123456
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 

What's hot (20)

Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensics
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic ppt
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 

Viewers also liked

Workshop Digital Forensic - Cyber Security Community
Workshop Digital Forensic - Cyber Security CommunityWorkshop Digital Forensic - Cyber Security Community
Workshop Digital Forensic - Cyber Security CommunityAntonio Andre
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Damir Delija
 
BDO Digital Forensic
BDO Digital ForensicBDO Digital Forensic
BDO Digital ForensicBDO Indonesia
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsFilip Maertens
 
Survey & Review of Digital Forensic
Survey & Review of Digital ForensicSurvey & Review of Digital Forensic
Survey & Review of Digital ForensicAung Thu Rha Hein
 
Identifying and Collecting Digital Evidence Webinar
Identifying and Collecting Digital Evidence WebinarIdentifying and Collecting Digital Evidence Webinar
Identifying and Collecting Digital Evidence WebinarCase IQ
 
Hunting malware with volatility v2.0
Hunting malware with volatility v2.0Hunting malware with volatility v2.0
Hunting malware with volatility v2.0Frank Boldewin
 
Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Reportprashant3535
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics00heights
 
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009ClubHack
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Developmentamiable_indian
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 yearsMehedi Hasan
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source ForensicsCTIN
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Karnika Seth
 
Digital Forensic
Digital Forensic Digital Forensic
Digital Forensic Ravi Nayak
 
Forensic Digital Photography and GPS with Google Earth
Forensic Digital Photography and GPS with Google EarthForensic Digital Photography and GPS with Google Earth
Forensic Digital Photography and GPS with Google EarthDean A. Beers, CLI
 
Practical Sentiment Analysis
Practical Sentiment AnalysisPractical Sentiment Analysis
Practical Sentiment AnalysisPeople Pattern
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 

Viewers also liked (20)

Workshop Digital Forensic - Cyber Security Community
Workshop Digital Forensic - Cyber Security CommunityWorkshop Digital Forensic - Cyber Security Community
Workshop Digital Forensic - Cyber Security Community
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
 
BDO Digital Forensic
BDO Digital ForensicBDO Digital Forensic
BDO Digital Forensic
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic Investigations
 
Delitos Informaticos y Legislacion Colombiana
Delitos Informaticos y Legislacion ColombianaDelitos Informaticos y Legislacion Colombiana
Delitos Informaticos y Legislacion Colombiana
 
Survey & Review of Digital Forensic
Survey & Review of Digital ForensicSurvey & Review of Digital Forensic
Survey & Review of Digital Forensic
 
Identifying and Collecting Digital Evidence Webinar
Identifying and Collecting Digital Evidence WebinarIdentifying and Collecting Digital Evidence Webinar
Identifying and Collecting Digital Evidence Webinar
 
Hunting malware with volatility v2.0
Hunting malware with volatility v2.0Hunting malware with volatility v2.0
Hunting malware with volatility v2.0
 
Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Report
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics
 
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Development
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 years
 
Digital forensic upload
Digital forensic uploadDigital forensic upload
Digital forensic upload
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source Forensics
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
 
Digital Forensic
Digital Forensic Digital Forensic
Digital Forensic
 
Forensic Digital Photography and GPS with Google Earth
Forensic Digital Photography and GPS with Google EarthForensic Digital Photography and GPS with Google Earth
Forensic Digital Photography and GPS with Google Earth
 
Practical Sentiment Analysis
Practical Sentiment AnalysisPractical Sentiment Analysis
Practical Sentiment Analysis
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 

Similar to Digital Forensic Case Study

05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensicsJohnson Ubah
 
ICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxwrite4
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxsmile790243
 
Cyber&digital forensics report
Cyber&digital forensics reportCyber&digital forensics report
Cyber&digital forensics reportyash sawarkar
 
Lecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemLecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemAlchemist095
 
Design for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic SystemDesign for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic SystemCSCJournals
 
EDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-iltaEDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-iltaDavid Kearney
 
E discovery2
E discovery2E discovery2
E discovery2elijaht
 
Latihan4 comp-forensic-bab3
Latihan4 comp-forensic-bab3Latihan4 comp-forensic-bab3
Latihan4 comp-forensic-bab3sabtolinux
 
Computer forensics
Computer  forensicsComputer  forensics
Computer forensicsLalit Garg
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfGnanavi2
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics SlidesVarun Sehgal
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 

Similar to Digital Forensic Case Study (20)

Computer forencis
Computer forencisComputer forencis
Computer forencis
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes
 
PACE-IT, Security+ 2.4: Basic Forensic Procedures
PACE-IT, Security+ 2.4: Basic Forensic ProceduresPACE-IT, Security+ 2.4: Basic Forensic Procedures
PACE-IT, Security+ 2.4: Basic Forensic Procedures
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
PACE-IT: Basic Forensic Concepts
PACE-IT: Basic Forensic ConceptsPACE-IT: Basic Forensic Concepts
PACE-IT: Basic Forensic Concepts
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensics
 
ICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxICT741 Digital Forensics.docx
ICT741 Digital Forensics.docx
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docx
 
Forensics
ForensicsForensics
Forensics
 
Cyber&digital forensics report
Cyber&digital forensics reportCyber&digital forensics report
Cyber&digital forensics report
 
Lecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemLecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file system
 
Design for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic SystemDesign for A Network Centric Enterprise Forensic System
Design for A Network Centric Enterprise Forensic System
 
EDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-iltaEDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-ilta
 
E discovery2
E discovery2E discovery2
E discovery2
 
Latihan4 comp-forensic-bab3
Latihan4 comp-forensic-bab3Latihan4 comp-forensic-bab3
Latihan4 comp-forensic-bab3
 
Computer forensics
Computer  forensicsComputer  forensics
Computer forensics
 
Latest presentation
Latest presentationLatest presentation
Latest presentation
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdf
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics Slides
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 

Recently uploaded

Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 

Recently uploaded (20)

Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx

Digital Forensic Case Study

  • 1.
  • 2.
      ◦ Justify why use of the digital forensic methodology and approach is warranted, including procedures for corporate investigation. (Apply with the case study)
      ◦ Describe the resources required to conduct a digital forensic investigation, including team member skill sets and required tools. (Apply with the case study)
      ◦ Outline an approach for data/evidence identification and acquisition that would occur in order to prepare the auditors for review of the digital evidence. (Apply with the case study)
      ◦ Outline an approach and steps to be taken during the analysis phase, making the assumption the computer system is a Microsoft Windows-based computer. (Apply with the case study)
      ◦ Create a table of contents for the investigative plan describing what the primary focus of the report would be. (Apply with the case study)
      For more information: myassignmenthelp.com/answers/digital-forensic/digital-forensic-case-study-objectives-this-assessment-item-relates-to-the-course-leaing-outcome-1-to-9-as-stated-on-page-1-of-the-cou.html
  • 3.
      ◦ A global finance company has 10000 employees.
      ◦ It has introduced network communication and computerization in all its branches.
      ◦ A security concern was raised by one of the managers.
      ◦ A digital forensic audit was performed to look into the security issues.
      ◦ The investigation was conducted on the MS Word, Outlook, and other deleted files in the manager’s computer.
  • 4.
      ◦ The data from the target computer should not be modified but kept for reference.
      ◦ The audit team must have high skill and expertise.
      ◦ The relevant documentation and trial conducted by the audit team must be preserved.
      ◦ The Information Security Officer is solely responsible for the security.
  • 5.
      ◦ Recognize the security systems that have lapsed.
      ◦ Recognize all the digital evidence.
      ◦ All the malicious activities are recognized with the 5W’s.
      ◦ Recognize the legal procedure.
      ◦ Analyze and find the impact on the branch.
      ◦ Submit the final report to the head.
  • 6.
      ◦ Collection
      ◦ Examination
      ◦ Analysis
      ◦ Report
  • 7.
      ◦ It is basically the acquisition of data.
      ◦ Recording and labeling the data of the computers in the Queensland branches.
      ◦ Two ways of collecting data:
          - Volatile
          - Non-volatile
      ◦ Data is also collected from other sources, both offline and online.
  • 8.
      ◦ The manager’s computer, which is the target computer, can be accessed via a LAN connection.
      ◦ A trusted tool collection that can be recorded and used through the cmd.exe file.
      ◦ The commands needed are:
          cryptcat <ip address> 6543 -k key
          cryptcat -l -p 6543 -k key >> <filename>
      ◦ Windows-based tools that are to be used on the Windows-based systems are:
          - HBGary’s FastDump to obtain the local physical memory
          - HBGary’s F-Response to obtain remote physical memory
          - ipconfig is used for the collection of subject system details
          - net users and quser can identify logged-in user information
          - doskey or history for collecting command history
          - net file is used to identify the services and drivers
      ◦ Data is acquired from RAM, registry and cache memory, network, etc.
  • 9.
      ◦ This kind of data is present in the permanent storage of the computing device.
      ◦ Copying this type of data for the local office is known as forensic imaging.
      ◦ Data is collected from storage devices like hard disk, CD, DVD, etc.
      ◦ The data should be preserved without any modification or alteration.
      ◦ The process of forensic imaging can be done using tools like EnCase, ProDiscover and FTK.
      ◦ The data is treated as ROM, or read-only memory, by the team performing the audit.
      ◦ The audit team uses a write blocker.
  • 10.
      ◦ File system assessment: NTFS contains the MFT, which has information on the files and disk in the OS. To get the file, the following is used:
          C:\> more < file1.txt:file2.txt
      ◦ Windows registry assessment: The Windows registry structure is:
          - HKEY_CLASSES_ROOT
          - HKEY_USERS
          - HKEY_CURRENT_USER
          - HKEY_CURRENT_CONFIG
          - HKEY_LOCAL_MACHINE
        Information present here includes user activity, MRU and auto start.
      ◦ Database forensic assessment: Here, DDL and DML transactions in the database are assessed.
      ◦ Network forensic assessment: The browsing data, mails and IP addresses are assessed.
  • 11.
      ◦ Gather the hidden or odd files
      ◦ Unusual accounts
      ◦ Strangely opened sockets
      ◦ Abnormal application requirements
      ◦ Malicious activities
      ◦ Total memory investigation
      ◦ Total file systems investigation
      ◦ Malware analysis
      ◦ Total timeline analysis
      ◦ Total event correlation investigation
  • 12.
      ◦ The computer is identified via remote access by the attacker
      ◦ OS patches
      ◦ The source of compromise
      ◦ The suspected malware
  • 13.
      ◦ The audit team finally prepares the report after the thorough investigation.
          - Point of the report: It is submitted so that the details of the investigation can be known to the authorized personnel.
          - Author of the report: Information Security Officer.
          - Incident summary: The source of the compromise was explored from the computer of the manager and is caused by reasons x1, x2 and x3.
  • 14.
      ◦ Evidence: All the important digital evidence and log files tracked in the analysis.
      ◦ Analysis: Investigation of the unlawful sources, completed from the sources x, y and z.
      ◦ Conclusion: The computer of the manager and other computing devices in the local office are systematically investigated, and lastly the sources showing any sign of compromise are found.
      ◦ Supporting documents: These documents involve non-volatile and volatile information.
  • 15.
      ◦ All the devices in the local office, as well as the manager’s computer, were investigated properly.
      ◦ Examination was done to see unauthorized and authorized sources.
      ◦ The source of the compromise was explored and found.
      ◦ The report is submitted to the Information Security Officer.
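Slide 9 requires that non-volatile data be copied and preserved without any modification. The sketch below shows how that can be demonstrated with a hash taken at acquisition and re-checked before analysis; it is an added example, not part of the original slides, and the function names, the choice of SHA-256, the file names and the sample data are all assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images do not fill RAM


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, image):
    """Copy source to image and return a custody record with both hashes."""
    digest = hashlib.sha256()
    # Source is opened read-only; mode "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)  # hash exactly the bytes read from the source
            dst.write(block)
    image_hash = sha256_file(image)  # re-read the written copy from disk
    return {"image": image, "source_sha256": digest.hexdigest(),
            "image_sha256": image_hash,
            "verified": digest.hexdigest() == image_hash}


def still_intact(record):
    """Re-hash the image before analysis and compare with the custody record."""
    return sha256_file(record["image"]) == record["image_sha256"]


def demo():
    """Acquire constructed sample data, then simulate tampering with the copy."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "source.bin")
    with open(source, "wb") as fh:
        fh.write(b"constructed sample evidence\n" * 1000)
    record = acquire(source, os.path.join(workdir, "evidence.img"))
    before = still_intact(record)
    with open(record["image"], "r+b") as fh:
        fh.seek(10)
        fh.write(b"X")  # alter one byte of the image
    after = still_intact(record)
    return record["verified"], before, after
```

The custody record returned by `acquire` is what would be filed with the supporting documents, so that any later reviewer can repeat the `still_intact` check on the image.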